0 Announcements

2020 Status Update

Posted on August 14th, 2020

Posted by cifmaster

Hello everybody, Jack here providing some long needed status updates.

As you can see, the last post on this website has been posted by my predecessor at the beginning of the term. That was in January of 2019. More than one and a half years have passed and not much has been updated on this website. So what happened to CIF in this 1.5 year period? Did we just disappear like the source code for Icewind Dale 2?

Of course not. There has been several compounding factors that caused a long hiatus in the website’s updates. But in order to let you all know the tale, this will be quite a long read. So if you’re ready to dive into a 1.5-year-long tale in the brewing, good luck and here it goes:

First off, the website. Our old web server web1 has been fairly well integrated into our infrastructure at the time. It uses krb5 for logins (AD for WordPress itself), we had a memcache server running on a separate machine, we also split the backend of the website into multiple Apache websites running on separate domains (media, panel, cdn and WordPress) each using their own separate certificate. However, some of this was not well documented. I had found out about how some of these configured only in the past month. And here are where the issues come from.

The cache server was the first to go. At this point I’m not sure when it was decommissioned. With the cache server down, the website was still attempting to reconnect to the server on each request until it reaches a timeout! This made the whole site slower than necessary for a quite some time. But at least it was still usable.

With the introduction of a DMZ into our network for extra security, several of our servers were moved to new IPs. This was a pretty big issue as none of our authentication were functional because of the move. Partially due to the IP change, another part due to the DMZ blocking the communication. In any case, the only thing functional was a master account that was used for uploading plain text posts. No media could be uploaded due to that being separate from WordPress.

Last but not least, the certificates for the website are due to expire each year by May. And since there is nobody in the lab in May, these certs usually would be replaced in September when somebody can finally contact IT and get them to issue us new certs. Since the website is three separate domains linked with rewrite rules and the cdn serves the css and scripts. Once the certificates expire, the website completely breaks.

Due to all three of these things, the website is perpetually in a broken and slow state. As a result, we have decided to focus more on the University provided CCC instead of our own website, to mixed results.

However, that has now changed with the most recent lab infrastructure upgrade. All servers that ranged from Debian 7 to Windows Server 2012 have now have all been retired, our new infrastructure is based on the newly released CentOS 8, with RedHat IDM replacing our old AD system. This website has also been migrated and reconfigured with a new cache server set up and had its certificates replaced with one signed by LetsEncrypt, with an auto-renew script that runs on a systemd timer.

So what does that mean? It means that the website is now the fastest it has been in the past 5 years, it also means that the website will break less, and more secure as its running on a server with automatic security updates and SELinux.

Much more in the lab has been replaced and upgraded. The card reader software, the lab machines, the new storage server, etc… Despite the complications with COVID-19. The CIF lab is still well maintained and cared for. With this new setup, these servers should be able to take care of security updates themselves without maintenance for the next 6+ years!

With the new semester being partially online, much of the events and updates will be posted on Discord. I promise that the website will not be neglected. In any case, stay tuned and look out for our next update!

Jack